electron-builder: Cannot find valid code signing certificate despite valid identities being printed in console during build

  • Version: 19.54.0
  • Electron Builder: 2.19.1
  • Target: mac, windows, linux (–mwl)

I run the command build --em.main=build/electron.js -mwl --x64 e -p always and it goes through the proper steps and then it says “skipped macOS application code signing reason=cannot find valid “Developer ID Application” identity or custom non-Apple code signing certificate, see https://electron.build/code-signing allIdentities=” and prints:

1) 2B12438F977D8D2F0E1CEDEBC76A7422FD04587E "3rd Party Mac Developer Application: Foo.io Inc (EHV7XZLAHA)"
 2) FAC6726A0A4AFC4C06D46A46834279BB3EB25844 "3rd Party Mac Developer Installer: Foo.io Inc (EHV7XZLAHA)"
           2 identities found

Valid identities only
1) 2B12438F977D8D2F0E1CEDEBC76A7422FD04587E "3rd Party Mac Developer Application: Foo.io Inc (EHV7XZLAHA)"
2) FAC6726A0A4AFC4C06D46A46834279BB3EB25844 "3rd Party Mac Developer Installer: Foo.io Inc (EHV7XZLAHA)"

I’m at a loss… Cannot figure out how to sign my application with electron-builder.

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Reactions: 9
  • Comments: 28 (1 by maintainers)

Most upvoted comments

The “3rd Party Mac Developer Application” =/= “Developer ID Application”

I just found out that you should be able to generate one of the correct type of profiles from XCode but you need to be the team agent in your Apple Developer program (if you are enterprise)

Try XCode > Preferences > Accounts > … > Manage Certificates > + > Developer ID Application

+38
tjdcs on Feb 7, 2018

Is security find-identity -vp codesigning able to find your certs?

+6
zhaoterryy on Dec 1, 2018

Here’s what worked for me, hopefuly it’ll be useful to someone else that runs into this issue:

1. How do I check I have a valid identity certificate?

Run security find-identity -vp codesigning. You should see a 1 valid identities found. If it shows 0, it means you need to generate a new one.

2. What specific certificates do I need?

  • If your app will be distributed inside the App store, you’ll need: Mac App Distribution and Mac Installer Distribution.
  • If your app will be distributed outside the Mac App Store: Developer ID Application and Developer ID Installer

3. Where do I get those certificates?

You can generate them here. Choose the ones according to the previous point.

IMPORTANT: If you have XCode 11 or later, you will need to generate new developer and installer certificates even if the ones on your the apple website are not expired! Make sure you select Profile Type > G2 Sub-CA (Xcode 11.4.1 or later) on the “Create a New Certificate” screen!

Download them and double-click them to add to your keychain

4. Is that it?

No. You also need to ensure you have a Certification Authority. To check

certtool y | grep Developer\ I

This should print a list

   Common Name     : Developer ID Certification Authority
   Common Name     : Developer ID Installer: <Your name> (XXX)
   Common Name     : Developer ID Application: <Your name> (XXX)

You should have them all 3. If you’re missing the authority one, go to this page. In my case, I needed the Developer ID - G2 and the Worldwide Developer Relations - G2.

Good luck.

+4
typologist on Oct 14, 2022

I had the same issue, turns out that Mac updates have installed XCode 11 and the signing script is now looking for different certificates.

You need to log in here and download certificates for: Apple Development Apple Distribution https://developer.apple.com/account/resources/certificates/list

The old Developer ID XXX ones don’t seem to work anymore.

After installing the above certs … running security find-identity -vp codesigning shows the certs are found

+4
stukennedy on Nov 23, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

+4
stale[bot] on Jul 1, 2019

This Apple stuff is a total crap…

It does not work neither with ‘Apple Distribution’ nor with ‘Developer ID Application’

What is ‘3rd Party Mac Developer Application’? is there any guide how to generate this one?

+3
DaveLomber on May 19, 2020

Any updates on this? 😦

+2
juriadams on Apr 28, 2020

I met the same issue today. It turns out that I didn’t install the intermediate cert. After I installed the intermediate cert, the issue disappeared.

+1
tylerlong on Feb 26, 2023

Be aware that another reason for this to fail is if you try to do it via remote SSH or via a CI server. The fact there is no GUI means the keychain remains locked, meaning there is no access to the key.

The clue to this will that it reports a errSecInternalComponent error. And the command to run (in the SSH) before you trigger your build is: security unlock-keychain -p {account-password} login.keychain

See also https://github.com/electron-userland/electron-builder/issues/4455#

+1
camlin on Jun 10, 2020

@zhaoterryy no it’s not listing in my case. I have a Developer ID Application: xxx.... visible in keychain but not in command line. Any tips more than welcome, thanks.

+1
lemmycaution on Nov 18, 2019

I’m seeing same issue, I think. I can see the certificates in keychains, with private key, but “security find-identity” doesn’t show them. code sign won’t let me use them for signing. Stuck. If I take the “-p codesigning” off the end of the security command the missing certs show up. I just can’t use them.

+1
AndrewKeplinger on Nov 15, 2019
Read more comments on GitHub
← electron-builder: Cannot find module napi-v6-darwin-unknown-x64 in the universal app
electron-builder: Cannot install fcopy-pre-bundled →